We provide the backend here (the API is documented in the source code), which includes:

Wallet.java: Interacts with the wallet.

Pocket.java: Interacts with the pocket.

Store.java: Interacts with the product options and prices.

Part 1: Exploit your program

The goal is to attack the program and exploit a race condition in this system. Can you get a car but paying less than its value?
Obviously, it is not allowed to modify the files pocket.txt nor wallet.txt other than through the APIs.

What is the shared resource? Who is sharing it?

What is the root of the problem?

Explain in detail how you can attack this system.

Provide the program output and result, explaining the interleaving to achieve them.

Hint: it is allowed to artificially delay actions or to set break points to make the attack work reliably.

Part 2: Fix the API

The goal is to fix the API to avoid the vulnerability.

Write a Wallet method implementing the necessary protections:

public void safeWithdraw(int valueToWithdraw) throws Exception

Were there other APIs suffering from possible races?
If so, please explain them and update the APIs to eliminate any race problems.

Why are these protections enough?

Make sure that your solution works outside any IDE you might use.

Report

Please, submit a report that includes in addition to your answers to the questions
above:

Part 0: your ShoppingCart.java with clear instructions for compile it and run it.